It no longer changes my DNS to 127.0.0.1 when I exit the widget, but it still changes it to that when I first open the widget every time and once I exit settings to go back to the main screen of the widget. Also, the random port checkbox must be selected every time the widget is opened. It will not stay selected once the widget is closed then reopened.

New widget build released just now, v3.13. Those of you on v3.12, you should get a prompt informing you of the new version then asking you if you want to upgrade. For anyone else not already using the widget (or using < v3.12), it's available at https://cryptostorm.is/cryptostorm_setup.exe with hashes @ https://cryptostorm.is/cryptostorm_setup.exe.txt

Included in this latest widget is access to the new ECC (Elliptic-Curve Cryptography) instances, which use the strongest available crypto OpenVPN 2.4.x has to offer. You can turn on this feature by going to Options -> Security and selecting the "Use ECC instances" checkbox. Only for 64 bit Windows, since these features require OpenVPN 2.4.x, which has dropped support for 32 bit Windows. The server/CA certificate for these instances is also using EC, which means smaller key size with better (or equivalent) crypto, which generally means better speeds. More info about these instances can be found at https://github.com/cryptostorm/cryptostorm_client_configuration_files/tree/master/ecc and if you want to learn more about the specific configuration directives used, there's comments on almost every line of each of those configs explaining them.

Also included is a killswitch! You can turn it on under Options -> Security then clicking "Enable killswitch". It'll turn on when you press the Back button to go back to the main window. It uses Windows firewall to block everything except our VPN server IPs and our DNS IPs, so if your internet disconnects or your connection to the VPN is severed, you won't leak anything to the internet. Of course, since this is Windows, I would still recommend using an external device to implement your own killswitch on your router/firewall, since it's known that Microsoft has the ability to remove firewall rules remotely.

The other changes are mostly bug fixes, such as better handling of DNS settings when switching to/from dnscrypt-proxy. This should fix the problem people were having where DNS was getting left at 127.0.0.1 after exiting the widget.

Source code is up at https://github.com/cryptostorm/cstorm_widget/blob/master/client.pl if anyone's interested.

Also, "network reset" in windows 10 Network and Internet settings no longer repairs the issue, for me. It has in the past though so some may want to try it. Just open network and internet settings scroll all the way to the bottom and there it is. The system will reboot and may or may not fix your issues.

The same thing is happening to me that Moonlight is describing. "Obtain DNS server automatically" must be set manually back every time I disconnect or get disconnected from cryptostorm before I can reconnect to the internet or to cryptostorm. Sometimes the widget leaves the DNS that it set from DNScrypt. Sometimes it's 127.0.0.1. It's been like this for me since the last big build update to Windows 10 64 bit

While the widget is still open with the error message, I go to the DNS settings which are now 127.0.0.1. I change them to Obtain DNS server address automatically, and click connect again, and it is now connecting.

Had I exited the widget after the error message and then change the DNS to Obtain DNS server address automatically, I would get the same error connection message.

This happens every morning (after overnight shutdown of the PC and modem) since the change over from the Narwhal widget. When the PC and modem are shutdown during the day (for a couple of hours), no issue reconnecting.

Don't know if and how this issue can be fixed.

Suggestion

2. When I lose connection I am not getting immediately (it is taking a long time and it does not come on top) on top of everything another windows with the error message (like for the Narwhal widget):

Error: Cannot resolve windows-switzerland.cstorm.pw

I become aware of the lost connection because pages are no longer loading and the small widget icon in the taskbar has discreetly become red.

Would appreciate if this issue can be looked into and possibly resolved with the next release.

New client seems to be working pretty well!

It does still tend to crash if you put the PC to sleep while it is running though. (Win 7 laptop) That isn't a huge issue in itself, as the old version used to fairly reliably die or get confused when sleeping too. Fair enough - if it is disconnected for a while the VPN connection is bound to drop. What *is* more of an issue is that it fails open now.

So if I restore my lappie from sleep, the client is minimised in the taskbar and refuses to be restored, I am no longer connected to the VPN, and (unprotected) Internet access is working. Previously when the client had a connection error, it would also break Internet access in general until it was closed.

redman wrote: i opened cryptostorm a couple of days ago and it asked and performed an update. Since then I have not been able to connect, it hangs at the point "Logging into the darknet". I have uninstall and reinstalled with no luck. I have also removed OpenVPN and halted the AV software during the re-installation. How do I get the logs to see what is causing the issue as area where the logs are usually visible is black. I am running Windows 10 32 bit version.

This is exactly where it all stops for me (but i try the paid servers)

i opened cryptostorm a couple of days ago and it asked and performed an update. Since then I have not been able to connect, it hangs at the point "Logging into the darknet". I have uninstall and reinstalled with no luck. I have also removed OpenVPN and halted the AV software during the re-installation. How do I get the logs to see what is causing the issue as area where the logs are usually visible is black. I am running Windows 10 32 bit version.

noticed this too but unsure of your present OS type... This happens if you are also running another DNScrypt instance.

with simplednscrypt (windoze) you will just need to re-select your earlier dnscrypt enabled servers from the dropdown menu. And to re-select the adapters for which dnscrypt has temporarily changed ie the TAP/tun adapters and LAN adapter

Then, if other nameserver values still remain, you only have to remove-and-reinstall the DNSCrypt service.

through a few mouse clicks (and there is no need to uninstall/reinstall the present dnscrypt software you are using).

If the service is up and listening on the correct ports

Primary nameserver ---------> 127.0.0.1 (port 53) and

sec. nameserver #2 -------------------> 127.0.0.2

the gui is easiest route if unsure about terminal based commands.

Those with only the dnscrypt-proxy service installed have to type the stuff via the console/terminal method. Or restart the service under "Services"

Next you could try :

nslookup cryptostorm.is

to determine the current resolvers
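
Added example, not part of the original post or the widget's code: a probe that tells whether a resolver address such as 127.0.0.1 actually has something answering on it, which is the state behind DNS being left at 127.0.0.1 with no local proxy running. The function names are assumptions, and the stub responder is a constructed stand-in for a local DNS proxy.

```python
import ipaddress
import secrets
import socket
import struct
import threading


def build_query(name, txid):
    """Encode a minimal recursive DNS query for the A record of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(data, txid):
    """Return rcode and answer count, or None if this is not a reply to our query."""
    if len(data) < 12:
        return None
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit clear
        return None
    return {"rcode": flags & 0x000F, "answers": answers}


def probe_resolver(server, name, port=53, timeout=2.0):
    """Classify one configured resolver by sending it a real query."""
    txid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, port))
            sock.send(build_query(name, txid))
            data = sock.recv(512)
        except OSError:  # timeout or ICMP port unreachable: nothing is answering
            return "no-listener"
    header = parse_header(data, txid)
    if header is None:
        return "bad-reply"
    if header["rcode"] != 0:
        return "rcode-%d" % header["rcode"]
    return "resolving" if header["answers"] else "no-answers"


def stale_loopback(servers, name, port=53, timeout=2.0):
    """Loopback resolvers that are configured but not answering queries."""
    return [s for s in servers
            if ipaddress.ip_address(s).is_loopback
            and probe_resolver(s, name, port, timeout) != "resolving"]


def start_stub_responder(address="127.0.0.1"):
    """Constructed stand-in for a local DNS proxy: answers one query, then stops."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((address, 0))  # ephemeral port, so no privileges are needed
    sock.settimeout(5.0)
    port = sock.getsockname()[1]

    def serve():
        try:
            query, peer = sock.recvfrom(512)
            # Same ID, QR=1 RD=1 RA=1, one question, one answer.
            header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
            # Answer: pointer to the question name, A/IN, TTL 60, 192.0.2.1 (TEST-NET-1).
            answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes([192, 0, 2, 1])
            sock.sendto(header + query[12:] + answer, peer)
        except OSError:
            pass
        finally:
            sock.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_stub_responder()
    print("stub proxy:", probe_resolver("127.0.0.1", "cryptostorm.is", port=port))
    # The two loopback addresses named in the thread; the result depends on
    # what is listening on this machine.
    print("stale:", stale_loopback(["127.0.0.1", "127.0.0.2"], "cryptostorm.is"))
```

A loopback address reported as stale means the adapter still points at the local proxy while nothing is serving port 53 there, so every lookup fails until the DNS setting is restored or the proxy is restarted.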

Hey, just joined cryptostorm last week, I've a question, will there be a client based on openvpn 2.4? Also how are plans going for an android client? Thanks! It's pretty awesome what a great service with many good Ideas you build! Really looking forward what you will create in the future! Thanks!

@JTD121 Do you get that error when running cryptostorm_setup.exe? If so, you should exit the widget before you begin the installation. Windows can't overwrite client.exe if it's already running. Although, the installation should detect if the widget is already running and ask if it's okay to close it before attempting to overwrite it.

@ATurtle If anyone is still using XP, they clearly don't care about security. You could argue that Microsoft updates doesn't equate to security (which is accurate), but since XP hasn't received security patches for several years now, using it under any pretense is just plain dumb. Maybe in a system/VM that's offline, or behind such a restrictive firewall that nothing's possible... but then what's the point?

@KungFuChe XP is no longer supported. Anyone still on XP will have to stay on the older v2.22, which won't receive any new updates, unless some horribly vulnerable issue is discovered in the openvpn/openssl that version uses. It's usually a bad idea to provide backwards compatibility for an OS version that stopped receiving security updates several years ago. I do plan on doing more tests regarding the different ways internet can be disconnected and how to detect it so the widget responds accordingly. Same goes for the different CPU features and architectures, and the systray issues that seem to vary by Windows version.

Just built a new widget v3.0.0.72 that includes code that now saves that connect timeout value (Under "Options" -> "Connecting") so it's remembered on restart.

UPDATE: a cable fault was determined to be the cause of hang at splash screen (need to trap PHY errors)

Also noticed some state corruption related to suspend/resume. Observed the following issues:

- widget appears in tray but connection is not routed through VPN
- widget disappears from tray but VPN connection still active
- widget crashes on exit request and clearnet connectivity is not restored (but can reconnect to VPN if widget is relaunched)

PS - forum says you can edit your posts but edit button does not appear at the next login

some good progress is being made on the widget here but i see a major issue on some 32 bit platforms:

client.exe hangs at splash screen with high CPU load
(the initial window with the controls does not appear)
then it constantly retries some I/O read operation - looks like it might involve a call to mswsock.dll (WSPStartup)
this produces a memory leak: client.exe allocates +1 MB every 2 seconds until system halts
nothing related is seen in event log

not really looking for old platform support - just pointing out that v2 was working so if you are going to fail now lets make a clean exit

on other platforms where it works, i see some issues with suspend / resume:
upon resuming client.exe is still running and it appears in tray - but nothing happens when you click on it (and https://cryptostorm.is/test fails)
so the user must manually test connectivity every time the machine wakes
need some way to fail safe (= no access without VPN)

@justintime Just as parityboy said, Windows requires more effort to make things more secure/anonymous. It's non-trivial to run DNSCrypt along with OpenVPN while also blocking DNS, WebRTC/STUN/ICE, and IPv6 leaks in Windows. On Linux, it is trivial. Plus, most of the issues that the Windows Widget fixes don't even exist in Linux.

@parityboy MD5 and SHA1 are considered broken, but in order for someone to perform a collision (like if they were able to manipulate the cryptostorm_setup.exe file and wanted to get past integrity checks), they would have to cause the other hashes to change too (md5 collision would change the sha1 and sha512 hashes, sha1 collision would change the md5 and sha512 hashes, etc.). That's why you should check all 3 hashes. Even so, here's the sha256 hash of the last build (v3.0.0.71): d93e388f90b8177f3dcc16365e25c575f1be64df7a6a1b9caca13bbae87f1733

The only reason I'm still including SHA1 and MD5 hashes is that there's a lot of free products (like https://www.microsoft.com/en-us/download/details.aspx?id=11533 ) that only does MD5 and SHA1, and a lot of people are probably using one of those programs.

If anyone out there is using one of those programs that only supports MD5 or SHA1, try out https://sourceforge.net/projects/simplehasher/ It's free and supports a lot more ciphers (more than I've provided for the .exe actually), and is pretty easy to use.
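
Added example, not part of the original post or the widget's code: one way to check a downloaded installer against every published digest in a single read, rejecting on any mismatch and flagging the case where only MD5 or SHA-1 was available to compare. The `ALGO: hexdigest` layout of the hash listing and all function names are assumptions, and the sample bytes are constructed.

```python
import hashlib
import io

SUPPORTED = {"md5", "sha1", "sha256", "sha384", "sha512"}
STRONG = {"sha256", "sha384", "sha512"}  # MD5 and SHA-1 have practical collisions


def parse_published(text):
    """Parse 'ALGO: hexdigest' lines (assumed layout) into {algo: digest}."""
    published = {}
    for line in text.splitlines():
        algo, sep, digest = line.partition(":")
        algo = algo.strip().lower().replace("-", "")
        digest = digest.strip().lower()
        if sep and algo in SUPPORTED and digest:
            published[algo] = digest
    return published


def digest_stream(stream, algos, chunk_size=1 << 20):
    """Read the file once, feeding every requested hash in the same pass."""
    hashers = {algo: hashlib.new(algo) for algo in algos}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def verify(stream, published):
    """Compare every published digest; a single mismatch rejects the file."""
    if not published:
        return {"verdict": "NO-HASHES", "mismatched": [], "strong": []}
    actual = digest_stream(stream, published)
    mismatched = sorted(a for a in published if actual[a] != published[a])
    strong = sorted(a for a in published if a in STRONG)
    if mismatched:
        verdict = "REJECT"
    elif not strong:
        verdict = "WEAK-ONLY"  # matched, but only under MD5 and/or SHA-1
    else:
        verdict = "OK"
    return {"verdict": verdict, "mismatched": mismatched, "strong": strong}


def sample_listing(data):
    """Constructed listing for `data`, standing in for a published hash file."""
    return "\n".join("%s: %s" % (a.upper(), hashlib.new(a, data).hexdigest())
                     for a in ("md5", "sha1", "sha512"))


if __name__ == "__main__":
    installer = b"constructed stand-in for an installer, not the real file\n"
    published = parse_published(sample_listing(installer))
    print(verify(io.BytesIO(installer), published))            # all three match
    print(verify(io.BytesIO(installer + b"\x00"), published))  # modified file
    print(verify(io.BytesIO(installer), {"md5": published["md5"]}))  # MD5 only
```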

@justintime

Most Linux users know enough to handle their security issues in terms of firewalls, leaks etc. Not only that, but also consider that those security features are in the widget because...Windows. However, you do have a point: as desktop Linux becomes more popular, that popularity will be represented by users who are not as familiar with Linux and network security as us *nix heads are.

I'm a bit shocked/surprised that there is ONLY a windows widget version. CS has always prided itself on being as secure as possible, and I don't understand why that wouldn't include Unix? The windows widget has many added security features...

But anyone who is REALLY concerned with security, is either running it on Linux, or on their router which means they cannot take advantage of any of these extra security enhancements.

I left CS a year ago, waiting for this to be released, but it still hasn't happened yet

It just feels wrong on so many levels.

The main feature in this build is better closing of the openvpn process, so your session counter will decrease instantly when you disconnect or exit. In all the previous builds it was doing an 'unclean' kill of that process, which meant the server didn't recognize your disconnect until the server-side openvpn timed out the connection, which takes 2 minutes. Now it should happen instantly, so no more auth failures when you quickly disconnect/reconnect.

The other feature is in Options -> Connecting, you can now specify that 60 second connect timeout to something a little higher if you need more than 60 seconds to connect (like if on bad WiFi).

Up at the usual places, https://cryptostorm.is/cryptostorm_setup.exe and https://b.unni.es/cryptostorm_setup.exe

Well, I fixed it. Windows Settings, Network & Internet, in the Status tab all the way at the bottom click "Network reset". It auto reboots the system and then after that it was fixed. Sorry for the confusion, and for cluttering your thread here when the problem was on my end.

PS I ended up buying a 1 year token with CS. Very impressive service. Nothing else came close after extensive research and testing.

Some other weird things about it: My connection to the internet works if I also go down a digit as well. So, if I changed ***.**.147.76 to ***.**.147.75 That change also repairs the connection. So one digit either up or down makes it work

When I use the v3 client to connect at the end I get the green bar that says I'm connected and no errors are reported even though I cannot browse the internet with any standard browser. Firefox, Microsoft Edge, Brave Browser all don't work. Tor Browser however, does work even before any changes are made by me manually to the Primary DNS IP address.

The only thing that I've installed recently was mullvad's windows client, in order to compare VPN services. That has since been completely uninstalled and the system has been rebooted, and the problem remains.

@Khariz The widget does manually set the DNS if DNSCrypt is enabled. Everything else is done via TAP, but there might be some code still in there that's leftover from before --block-outside-dns was implemented into OpenVPN, back when the widget had to do the DNS leak blocks itself.

@crimghost That is very weird. There's nothing in the code that does any sort of math against any DNSCrypt server IP, and the DNS server IP you get when you connect is pushed directly from the server... You sure you're not running any other software that might be modifying your DNS settings?

I find that exceptionally weird considering the fact that the widget should not be manually setting the DNS IP to the actual servers IP address anyway, it should be sending it to the tap adapter gateway. I wonder if some setting is being pushed differently from the servers than it used to be.

I've run into a problem where when I connect to Cryptostorm service, no matter which server I connect to, the v3 client sets my preferred DNS server 1 digit too low. So my browser cannot connect to the internet until I go into Windows 10 settings and manually increase the final digit on the right 1 digit higher than client v3 sets it automatically. To be clear if client v3.0.0.67 sets my preferred DNS to ***.**.147.76 I cannot connect until I go in and manually set my preferred DNS to ***.**.147.77 instead. Every server I've tried works fine once I make this change though.

@marzametal Eh, I haven't been maintaining the previous versions though since these v3 betas were never really intended to be released, at least not until it got out of beta. So each new build is uploaded to the same place, overwriting the previous. The only way to get .66 would be if you already downloaded it and still have it saved, or if I built a new .68 that used ovpn 2.4 instead of 2.3.


Khariz wrote: I'm keeping the 2.4 widget. It works great for me on Windows 10. I just keep answering no when it asks me to "upgrade" to 2.3

Maybe you could roll back to .66 which has 2.4... saves you clicking No all the time.


I can't explain... but I just downloaded the v3 widget again and I'm now connected and the screen shot below is showing green. Thanks for all your work and responses. I'm just happy this is finally working.
http://www.steemimg.com/images/2017/02/10/working7886f.jpg

Tested with somebody, and for whatever reason OpenVPN 2.4.0 kept crashing on them. So I just released v3.0.0.67 that's downgraded to OpenVPN 2.3.14, it'll most likely fix this issue for anyone else still having problems with v3.0.0.66.


It sounds like people had problems with the csvpn.exe (openvpn 2.4.0) that got pushed in the last update. It worked for me on Win10, but just in case I reuploaded the same openvpn/openssl binaries/libraries that I had locally onto all the servers so that they would get pushed instead.

For those still having this issue, uninstall/reinstall v3.0.0.66 and connect, then accept the update when it pops up and it should upgrade to openvpn 2.4.0 + openssl 1.0.2k just fine.

If you're still getting stuck at "Logging into darknet" even after trying the above, my guess is that you have an AV program running in the background that's deleting csvpn.exe or ossl.exe after it gets downloaded because the action appears to be malicious (granted, it is suspicious for a .exe to get downloaded like that). So if you've got any sort of AV running, add "C:\Program Files (x86)\Cryptostorm Client\" to your exclusion list.


I have the same problem as the others above. After some auto update yesterday it stopped working. I have reinstalled (build 3.0.0.66) and so on but it doesn't work and I am using Win10. Someone wrote that it worked on Win10... not for me. Same error: it loads and then stops on logging into darknet.. then only reconnects every 60 sec. I have checked my key and it is still valid for 45 days.


I've been using widget v3 for months and it has been solid. All of a sudden last night it automatically stalled on connection. I tried to restart it and it kept coming back with the yellow bar 'took longer than 60 seconds to connect'.

I've now completed all of the tasks below with the same yellow bar continuing to plague me:
- updated nodes
- restarted the widget
- installed the widget all over again
- restarted my computer

If anyone has any updates on why this could be happening I'd greatly appreciate it. I have to admit that since August when I purchased I feel like I've had a lot of problems and not much in the way of help.


bricus wrote: Hi,

I was on a previous v3 build, and since several updates happened within the widget, I’m not able to use a v3 build any more – well, I just have the v3.0.0.66 to test. It stops at the “Logging into the darknet” step, no log is visible, just a black square. Is there a way to get the log elsewhere? Widget v2.22 is working.

Thanks in advance for any help.

I am having the same issue. Tracked it down to csvpn.exe (the openvpn version - openvpn.exe after renaming to csvpn.exe also misbehaves)

Hi,

I was on a previous v3 build, and since several updates happened within the widget, I’m not able to use a v3 build any more – well, I just have the v3.0.0.66 to test. It stops at the “Logging into the darknet” step, no log is visible, just a black square. Is there a way to get the log elsewhere? Widget v2.22 is working.

Thanks in advance for any help.

@JJ
That's intended. The widget detects hibernate/suspend and disconnects the VPN since internet gets killed anyways when that happens. When the computer wakes up, the widget detects that too and will reconnect the VPN if you were connected before the hibernate. If you weren't connected to the VPN before hibernate, it'll still set the DNS to the local DNSCrypt server (127.0.0.1), unless you have DNSCrypt disabled.

@Everyone else
Latest widget build is v3.0.0.66, which fixes a small bug where when auto-updating the dnscrypt-resolvers.csv file, it would delete the openssl + openvpn .exe's too if also upgrading those. There was a v3.0.0.65 that was on the web site for about a minute, but it was quickly removed because of a bug where the upgrade process broke due to a temporary directory not being created correctly. So if anyone downloaded it in the short time it was there, upgrade to v3.0.0.66.

Included is the latest nodelist, dnscrypt resolvers, openssl, and openvpn. As usual, the latest build can be found at https://cryptostorm.is/cryptostorm_setup.exe or https://b.unni.es/cryptostorm_setup.exe

Side note:
Right now I'm trying to change the node list update code since it still does a simple/lazy grab of https://cryptostorm.nu/nodelist3.txt , which means if cryptostorm.nu goes down or someone is able to do an HTTPS MitM against you, you won't be able to update your node list (or in the MitM case, someone could point you to a malicious VPN server). I think a solution to that problem would be to only allow updating of the node list after connected to the VPN, so it would grab nodelist3.txt from a local copy stored on the node itself, via the VPN tunnel. For people who don't have tokens yet, the feature would also work on Cryptofree.

And yes, I still plan on adding a killswitch function in the near future. If I can't get the code I'm working on now to play nicely with Windows, or if it's going to end up taking much longer than it already has, I'll most likely just slap together something using WFP or Windows Firewall. Not as efficient as I'd like, but it would be functional enough for most people.

In addition to my earlier message: it looks as if there is also something with the widget. Not sure if that's the case, but when my laptop restarts after a hibernate mode, the DNS-server setting of my network adapter is changed to a local one: 127.0.0.1. With the widget activated the adapter setting on IP4 is the CS DNS-server of the country I selected.


df wrote: @JJ
It looks like dnscrypt is running correctly. I guess try doing the same thing the widget would do (from cmd):
nslookup windows-balancer.cstorm.pw 127.0.0.1
That'll lookup the first windows balancer against dnscrypt.

But as Khariz said, you could just disable dnscrypt since you're not facing any adversaries that are capable of causing problems via DNS.

OK. Thanks for this information. In the meantime (after hours of frustration and trial and error) I found out that my Kaspersky Internet Security was responsible for these problems. After consulting their Support crew I found a solution that is working with DNS-crypt enabled. Thanks for your support and keep up the good work.


@Guest404
Probably not very soon, I'm still working on the widget for Windows. But I do plan on starting a Linux widget after v3 is officially released, which shouldn't be long now.

When I do begin the Linux widget, I'll probably just start from the Windows widget's code and begin hacking off a big portion of the code since a lot of it is unnecessary on Linux because Linux handles certain things in a sane manner (process signals, threading, a non-horrible firewall, etc.).


@JJ
It looks like dnscrypt is running correctly. I guess try doing the same thing the widget would do (from cmd):
nslookup windows-balancer.cstorm.pw 127.0.0.1
That'll lookup the first windows balancer against dnscrypt.

But as Khariz said, you could just disable dnscrypt since you're not facing any adversaries that are capable of causing problems via DNS.


@JJ
It could also be that something else (an AV maybe?) is closing dnscrypt-proxy.exe for whatever reason. Either that or dnscrypt-proxy is spitting out an unexpected error. A way to test would be to open up a cmd prompt as Administrator and run:

As for disabling dnscrypt, it will make your pre-connect DNS requests less secure, but it's highly unlikely that an attacker would be able to do anything more than a DoS against you (maybe to prevent you from accessing the VPN).


@df Thanks for your response. I do not have a local DNS-server/proxy etc. Is the widget adapted to block when this is the case? What is the risk of disabling DNS-crypt?? I understood that it was meant to improve privacy/security. What if it is permanently disabled?


@JJ
The only thing I can think of that would cause that is if something else is already listening on 127.0.0.1:53 (such as a local DNS server/proxy/cache). Currently, the widget doesn't check to make sure port 53 is available on 127.0.0.1. I'll add that to the next build, so if something is using that port already, it'll pop up a message telling you about it then it'll disable DNSCrypt. Maybe if it doesn't add too much additional code, I could also have it tell you which program is already listening on 127.0.0.1:53.
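
The pre-connect check described in the post above, sketched in Python as an added example (not the widget's code): `can_bind` tests whether 127.0.0.1:53 is free, and `listeners_on_port` finds the owning PID in `netstat -ano` output. The netstat sample is constructed, and all function names are hypothetical.

```python
import re
import socket
import subprocess

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    127.0.0.1:53           0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.20:49771     203.0.113.7:443        ESTABLISHED     2120
  UDP    127.0.0.1:53           *:*                                    4312
  UDP    0.0.0.0:5353           *:*                                    1834
  UDP    [::1]:53               *:*                                    4312
"""


def can_bind(host="127.0.0.1", port=53):
    """Try to bind UDP and TCP the way a local resolver would.

    Returns {"udp": bool, "tcp": bool}. False means the bind failed: the port
    is taken (or, on Unix, the caller may not bind ports below 1024).
    """
    result = {}
    for name, kind in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        sock = socket.socket(socket.AF_INET, kind)
        try:
            sock.bind((host, port))
            result[name] = True
        except OSError:
            result[name] = False
        finally:
            sock.close()
    return result


def listeners_on_port(netstat_text, port=53, hosts=("127.0.0.1", "0.0.0.0")):
    """Parse `netstat -ano` text and return [(proto, local_address, pid)] for
    IPv4 sockets that would collide with a resolver on 127.0.0.1:<port>."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local, pid = fields[0], fields[1], fields[-1]
        host, _, local_port = local.rpartition(":")
        if local_port != str(port) or host not in hosts or not pid.isdigit():
            continue
        # TCP rows carry a state column; only LISTENING sockets hold the port.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        found.append((proto, local, int(pid)))
    return found


def process_name(pid):
    """Windows only: resolve a PID to its image name with tasklist."""
    out = subprocess.run(
        ["tasklist", "/FI", f"PID eq {pid}", "/FO", "CSV", "/NH"],
        capture_output=True, text=True, check=False,
    ).stdout.strip()
    match = re.match(r'"([^"]+)"', out)
    return match.group(1) if match else None
```

On Windows, feed `listeners_on_port` the real output of `netstat -ano` and pass each PID to `process_name` to see which program holds the port.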


OK. Another few hours of puzzling. Just found out that when I disable DNS-crypt in the widget, it is possible to connect to CS VPN without any errors. What does this mean? Is there an error in the DNS-crypt list? Or?


@marzametal
Many thanks for your thorough response. For me it is rather technical, (too technical) so I am not sure if I understand it all correctly. But I use Kaspersky Internet Security. So far never had a problem with it. Wonder why this should be the case with widget3 and of course, what I can do about it.


What firewall do you use? Maybe I can think of something...

I make use of Windows Firewall with Advanced Security, but I use a 3rd party app called Windows Firewall Control to act as an interface for WFwAS for the purposes of monitoring connection logs, and a 3rd party app called Acrylic DNS Proxy to handle DNS (along with wildcards in Hosts file).

NOTE: WFwAS does not provide such logging capabilities... one would have to navigate to "C:\Windows\System32\LogFiles\Firewall\pfirewall.log" to see any resemblance of a connection log... very ugly looking, but it is plain text after all...

Essentially, it would be a guessing game to figure this out without firewall connection logs. Hence why I asked at the beginning of this post about your firewall software.

I have attached a print screen of my rules for an exit node, along with DHCP rules. The NLA Outbound Snooping rule (tied to Network Location Awareness Service) and the Crypto Outbound Snooping rule (tied to Cryptographic Services Service) are there, but are denied via a global Block Rule. The other rules are active when connecting to said exit node. Also, disregard the rule for Acrylic.

I will keep an eye on this thread for any of your replies... very interesting as to why you are having dramas.

Cheers.

P.S.: In regards to router, I have replaced my ISP DNS entries with CS DNS entries, and before I started using Acrylic DNS Proxy, I would have included two CS DNS addresses for ISP connection, but left the TAP Adapter DNS fields to populate automatically.

P.S.: Just remembered there is also an outbound rule for "C:\Program Files (x86)\Cryptostorm Client\bin\csvpn.exe"...

My approach is tedious, but once set up, it allows for transparency because the rules that are active only apply for the exit node that I am connecting to. I could provide more details, but will wait for a response so we are on the same page. Good luck buddy!

Attachments

CSVpn.exe

Rules...
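
Reading the pfirewall.log mentioned in the post above by hand is tedious, so here is an added example (not from the thread) that parses the file using its own `#Fields` header and counts dropped outbound packets per destination. The log lines are constructed, the function names are hypothetical, and it assumes dropped-packet logging is enabled for the active firewall profile.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout; addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2017-02-10 21:14:01 ALLOW UDP 127.0.0.1 127.0.0.1 60123 53 0 - - - - - - - SEND
2017-02-10 21:14:03 DROP UDP 192.168.1.20 203.0.113.10 54012 443 0 - - - - - - - SEND
2017-02-10 21:14:08 DROP UDP 192.168.1.20 203.0.113.10 54012 443 0 - - - - - - - SEND
2017-02-10 21:14:09 DROP TCP 198.51.100.4 192.168.1.20 40211 445 52 S 1234 0 8192 - - - RECEIVE
2017-02-10 21:14:12 ALLOW TCP 192.168.1.20 203.0.113.80 49802 443 0 - 0 0 0 - - - SEND
2017-02-10 21:14:13 DROP UDP 192.168.1.20 truncated-row
"""


def parse_firewall_log(text):
    """Yield one dict per log row, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row, e.g. cut off mid-write
        yield dict(zip(fields, values))


def dropped_outbound(text):
    """Return [((protocol, dst_ip, dst_port), count)] for DROP rows in the SEND
    direction, most frequent first. dst_port is None when the row has no port."""
    counts = Counter()
    for row in parse_firewall_log(text):
        if row["action"] != "DROP" or row["path"] != "SEND":
            continue
        port = int(row["dst-port"]) if row["dst-port"].isdigit() else None
        counts[(row["protocol"], row["dst-ip"], port)] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (proto, dst, port), n in dropped_outbound(SAMPLE_LOG):
        print(f"{n:4d} dropped  {proto} -> {dst}:{port}")
```

The log does not record which program sent the packet, so a repeated drop towards the exit node's address and port still has to be matched against the outbound rules by hand.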

marzametal wrote: The scenario in the above post happened to me as well...

It turns out that the widget defaults to a specific exit node after install/update, and unless the end user picks it up by checking connection logs, he/she will throw a fit because s**t doesn't work.

For me, it was one of the US nodes, off the top of my head, cannot remember which one.

Hey Marzametal: really interested in what connection logs I will have to check. Looks like it has nothing to do with DNS-settings. Would expect every location to have a problem then. But that is not the case. So it seems like another problem. Hope you can give me a clue.
